Skip to content

Commit

Permalink
chore: stricter access to testremote endpoint
Browse files Browse the repository at this point in the history
Signed-off-by: Benjamin Gaussorgues <[email protected]>
  • Loading branch information
Altahrim authored and backportbot[bot] committed Nov 28, 2024
1 parent b1ffafc commit e39137d
Showing 1 changed file with 2 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -118,9 +118,10 @@ protected function testUrl($remote, $checkVersion = false) {
*
* @param string $remote
* @return DataResponse
* @AnonRateThrottle(limit=5, period=120)
*/
public function testRemote($remote) {
if (str_contains($remote, '#') || str_contains($remote, '?') || str_contains($remote, ';')) {
if (preg_match('%[!#$&\'()*+,;=?@[\]]%', $remote)) {
return new DataResponse(false);
}

Expand Down

0 comments on commit e39137d

Please sign in to comment.